-----BEGIN PGP SIGNED MESSAGE----- WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) FAQ Revised 28 September 1996 Disclaimer -- I haven't recently verified all of the information in this file, and much of it is probably out of date. For questions not covered here, please read the documentation that comes with PGP, get one of the books mentioned below, or search for other relevant FAQ documents at rtfm.mit.edu and on the alt.security.pgp comp.security.pgp comp.security.pgp.ressources news group. A NOTE FROM THE FAQ MAINTAINERS Peter Herngaard is taking over the maintenance of this FAQ until further notice. Some of you sent me (Mike Johnson) corrections and suggestions for this FAQ, and I stored them away on my hard disk to edit from. Then, Windows 95 got indigestion (induced by a sound card) and destroyed all of the data in that partition. If you suggested changes and they aren't in this FAQ, please send them to Peter Herngaard . WHAT IS THE LATEST VERSION OF PGP? Viacrypt PGP (commercial version): 4.00 MIT & Philip Zimmermann (freeware, USA-legal): 2.6.2 Staale Schumacher's International variant: 2.6.3i for non-USA (2.6.3ai source code only); 2.6.3 for USA (2.6.3 U.S. Compliant version for (Macintosh and MS-DOS)) WHERE CAN I GET VIACRYPT PGP? Just call 800-536-2664 and have your credit card handy. WHERE IS PGP ON THE WORLD WIDE WEB? U.S. only availability: PGP: http://web.mit.edu/network/pgp-form.html PGPfone: http://web.mit.edu/network/pgpfone International availability: PGP and PGPfone: http://www.ifi.uio.no/pgp/ WHERE CAN I FTP PGP IN NORTH AMERICA? If you are in the USA or Canada, you can get PGP by following the instructions in any of: ftp://net-dist.mit.edu/pub/PGP/README ftp://ftp.csn.net/mpj/README.MPJ ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp/ ftp://ftp.gibbon.com/pub/pgp/README.PGP ftp://ftp.wimsey.bc.ca/pub/crypto/software/README WHERE IS PGP ON COMPUSERVE? GO NCSAFORUM. Follow the instructions there to gain access to Library 12: Export Controlled. AOL Go to the AOL software library and search "PGP" or ftp from ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp or another site listed above. It is possible to get PGP from ftp sites with hidden directories with the following trick: (1) View the README file with the hidden directory name in it, then quickly (2) Start a new ftp connection, specifiying the hidden directory name with the ftp site's address, like ftp.csn.net/mpj/I_will_not_export/crypto_xxxxxxx (where the xxxxxxx is replaced with the current character string). WHAT BULLETIN BOARD SYSTEMS CARRY PGP? MANY BBS carry PGP. The following carry recent versions of PGP and allow free downloads of PGP. US 303-516-9969.Hacker's Haven, Denver, CO 303-772-1062 Colorado Catacombs BBS, Longmont CO 8 data bits, 1 stop, no parity, up to 28,800 bps. Use ANSI terminal emulation. For free access: log in with your own name, answer the questions. 314-896-9309 The KATN BBS 317-887-9568 Computer Virus Research Center (CVRC) BBS, Indianapolis, IN Login First Name: PGP Last Name: USER Password: PGP 501-791-0124, 501-791-0125 The Ferret BBS, North Little Rock, AR Login name: PGP USER Password: PGP 506-457-0483 Data Intelligence Group Corporation BBS 508-668-4441 Emerald City, Walpole, MA 601-582-5748 CyberGold BBS 612-690-5556, !CyBERteCH SeCURitY BBS! Minneapolis MN 914-667-4567 Exec-Net, New York, NY 915-587-7888, Self-Governor Information Resource, El Paso, Texas 909-681-6221 ATTENTION to Details (ATD BBS) All lines v.32bis/14.4KBPS minimum CH +41-1-322-7129 MoonLight BBS, Zurich 28800 bps, V34 ZYXEL ELITE 2864 DE +49-781-9483621 MAUS BBS, Offenburg - angeschlossen an das MausNet +49-521-68000 BIONIC-BBS Login: PGP DK +45 47 10 72 76 HIT-BBS, Veksoe 28800 bps U.S. Robotics V.34 Log in with your real first and last name and complete the registration procedure. Search for PGP in the file area. NL +31-26-3890037 Viber BBS, NOTB HOST Gelderland 8 data bits, 1 stop, no parity, up to 28,800 bps. (ISDN soon) Use ANSI terminal emulation. For free access: log in with your own name, answer the questions. Latest vesion and other tools: FILE AREA: [NOTB] - PGP +31-71-5768914 Insanity Systems III Just logon and answer some questions about where you live and get PGP as well as a lot of PGP-tools for free. The system also has an offline and online PGP-server available for your public keys. WHERE CAN I FTP PGP CLOSE TO ME? BR ftp://ftp.ibilce.unesp.br/pgp The last avaliable version is PGP 2.6ui DE ftp://ftp.cert.dfn.de/pub/pgp/ IT ftp://idea.sec.dsi.unimi.it/pub/security/crypt/PGP FI ftp://ftp.funet.fi/pub/crypt/pgp/ NL ftp://ftp.nl.net/pub/crypto/pgp ftp://ftp.nic.surfnet.nl/surfnet/net-security/encryption/pgp NO ftp://menja.ifi.uio.no/pub/pgp/ NZ ftp://ftphost.vuw.ac.nz SE ftp://leif.thep.lu.se TW ftp://nctuccca.edu.tw/PC/wuarchive/pgp/ UK ftp://sable.ox.ac.uk/pub/crypto/pgp HOW CAN I GET PGP BY EMAIL? If you have access to email, but not to ftp, send a message saying "help" to ftpmail@decwrl.dec.com or mailserv@nic.funet.fi WHERE CAN I GET MORE PGP INFORMATION? http://www.csn.net/~mpj http://www.mit.edu:8001/people/warlord/pgp-faq.html http://www.eff.org/pub/EFF/Issues/Crypto/ITAR_export/cryptusa_paper.ps.gz ftp://ds.internic.net/internet-drafts/draft-pgp-pgpformat-00.txt ftp://ds.internic.net/internet-drafts/draft-ietf-pem-mime-08.txt http://www-mitpress.mit.edu/mitp/recent-books/comp/pgp-source.html http://web.cnam.fr/Network/Crypto/(c'est en francais) http://web.cnam.fr/Network/Crypto/survey.html(en anglais) http://www2.hawaii.edu/~phinely/MacPGP-and-AppleScript-FAQ.html http://www.pgp.net/pgp http://www.sydney.sterling.com:8080/~ggr/pgpmoose.html http://www.ifi.uio.no/pgp/ http://inet.uni-c.dk/~pethern/privacy.html http://www.stack.urc.tue.nl/~goofy/PGP WHAT ARE SOME GOOD PGP BOOKS? Protect Your Privacy: A Guide for PGP Users by William Stallings Prentice Hall PTR ISBN 0-13-185596-4 US $19.95 PGP: Pretty Good Privacy by Simson Garfinkel O'Reilly & Associates, Inc. ISBN 1-56592-098-8 US $24.95 _E-Mail_Security_, _How To Keep Your Electronic Messages Private_ (covers PGP & PEM) by Bruce Schneier 365 pages c.1995 pub: John Wiley & Sons, Inc. ISBN 0-471-05318-X $24.95 US pace. The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data Protection, and PGP PRivacy Software by André Bacard Peachpit Press ISBN 1-56609-171-3 US $24.95 800-283-9444 or 510-548-4393 THE OFFICIAL PGP USER'S GUIDE by Philip R. Zimmerman MIT Press April 1995 - 216 pp. - paper - US $14.95 - ISBN 0-262-74017-6 ZIMPP Standard PGP documentation neatly typeset and bound. PGP SOURCE CODE AND INTERNALS by Philip R. Zimmerman April 1995 - 804 pp. - US $55.00 - 0-262-24039-4 ZIMPH How to Use PGP, 61 pages, (Pub #121) from the Superior Broadcasting Company, Box 1533-N, Oil City, PA 16301, phone: (814) 678-8801 (about US $10-$13). IS PGP LEGAL? Pretty Good Privacy is legal if you follow these rules: Don't export PGP from the USA except to Canada, or from Canada except to the USA, without a license. If you are in the USA, use either Viacrypt PGP (licensed for commercial use) or MIT PGP using RSAREF (limited to personal, noncommercial use). Outside of the USA, where RSA is not patented, you may prefer to use a version of PGP (2.6.3i) that doesn't use RSAREF to avoid the restrictions of that license. If you are in a country where the IDEA cipher patent holds in software (including the USA and some countries in Europe), make sure you are licensed to use the IDEA cipher commercially before using PGP commercially. (No separate license is required to use the freeware PGP for personal, noncommercial use). For direct IDEA licensing, contact Ascom Systec: Erhard Widmer, Ascom Systec AG, Dep't. CMVV Phone +41 64 56 59 83 Peter Hartmann, Ascom Systec AG, Dep't. CMN Phone +41 64 56 59 45 Fax: +41 64 56 59 90 e-mail: IDEA@ascom.ch Mail address: Gewerbepark, CH-5506 Maegenwil (Switzerland) Viacrypt has an exclusive marketing agreement for commercial distribution of Philip Zimmermann's copyrighted code. (Selling shareware/freeware disks or connect time is OK). This restriction does not apply to PGP 3.0, since it is a complete rewrite by Colin Plumb. If you modify PGP (other than porting it to another platform, fixing a bug, or adapting it to another compiler), don't call it PGP (TM) or Pretty Good Privacy (TM) without Philip Zimmermann's permission. IMPORTANT: Please note that there is an official distribution site for MIT PGP and another for the International version: WorldWideWeb references: U.S/Canada non-commercial use: http://web.mit.edu/network/pgp-form.html Norway/International non-commercial use: http://www.ifi.uio.no/pgp/ U.S. commercial use: http://www.viacrypt.com WHAT IS PHILIP ZIMMERMANN'S LEGAL STATUS? Philip Zimmermann was under investigation for alleged violation of export regulations, with a grand jury hearing evidence for about 28 months, ending 11 January 1996. The Federal Government chose not to comment on why it decided to not prosecute, nor is it likely to. The Commerce Secretary stated that he would seek relaxed export controls for cryptographic products, since studies show that U. S. industry is being harmed by current regulations. Philip endured some serious threats to his livelihood and freedom, as well as some very real legal expenses, for the sake of your right to electronic privacy. The battle is won, but the war is not over. The regulations that caused him so much grief and which continue to dampen cryptographic development, harm U. S. industry, and do violence to the U. S. National Security by eroding the First Ammendment of the U. S. Constitution and encouraging migration of cryptographic industry outside of the U. S. A. are still on the books. If you are a U. S. Citizen, please write to your U. S. Senators, Congressional Representative, President, and Vice President pleading for a more sane and fair cryptographic policy. WHERE CAN I GET WINDOWS & DOS SHELLS FOR PGP? http://www.dayton.net/~cwgeib ftp://menja.ifi.uio.no/pub/pgp/pc/msdos//apgp22b3.zip http://alpha.netaccess.on.ca/~spowell/crypto/pwf31.zip ftp://ftp.netcom.com/pub/dc/dcosenza/pgpw40.zip ftp://ftp.firstnet.net/pub/windows/winpgp/pgpw40.zip http://www.eskimo.com/~joelm(Private Idaho) ftp://ftp.eskimo.com/~joelm http://www.xs4all.nl/~paulwag/security.htm http://www.LCS.com/winpgp.html http://netaccess.on.ca/~rbarclay/index.html http://netaccess.on.ca/~rbarclay/pgp.html ftp://ftp.leo.org/pub/comp/os/os2/crypt/gcppgp10.zip ftp://ftp.leo.org/pub/comp/os/os2/crypt/pmpgp.zip http://www.aegisrc.com http://www.ncinter.net/~rewilson/pgpkey.html WHAT OTHER FILE ENCRYPTION (DOS, MAC) TOOLS ARE THERE? PGP can do conventional encryption only of a file (-c) option, but you might want to investigate some of the other alternatives if you do this a lot. Alternatives include Quicrypt and Atbash2 for DOS, DLOCK for DOS & UNIX, Curve Encrypt (for the Mac), HPACK (many platforms), and a few others. Quicrypt is interesting in that it comes in two flavors: shareware exportable and registered secure. Atbash2 is interesting in that it generates ciphertext that can be read over the telephone or sent by Morse code. DLOCK is a no-frills strong encryption program with complete source code. Curve Encrypt has certain user-friendliness advantages. HPACK is an archiver (like ZIP or ARC), but with strong encryption. A couple of starting points for your search are: U.S. only availability: ftp://ftp.csn.net/mpj/qcrypt11.zip ftp://ftp.csn.net/mpj/README ftp://ftp.miyako.dorm.duke.edu/pub/GETTING_ACCESS International availability: ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/file/ ftp://idea.sec.dsi.unimi.it/pub/crypt/code/ HOW DO I SECURELY DELETE FILES (DOS)? If you have the Norton Utilities, Norton WipeInfo is pretty good. I use DELETE.EXE in del110.zip, which is really good at deleting existing files, but doesn't wipe "unused" space. US ftp://ftp.csn.net/mpj/public/del120.zip NL ftp://basement.replay.com/pub/replay/pub/security/del120.zip UK ftp://ftp.demon.co.uk/pub/ibmpc/security/realdeal.zip WHAT DO I DO ABOUT THE PASS PHRASE IN MY WINDOWS SWAP FILE? The nature of Windows is that it can swap any memory to disk at any time, meaning that all kinds of interesting things could end up in your swap file. ftp://ftp.firstnet.net/pub/windows/winpgp/wswipe.zip WHERE DO I GET PGPfone(tm)? PGPfone is in beta test for Macintosh and Windows'9 users. The MIT has shut down their ftp distribution of PGPfone for Macintosh and Windows'95, so within the U.S/Canada you must obtain PGPfone using a WorldWideWeb browser. U.S. only availability: http://web.mit.edu/network/pgpfone International availability: ftp://basement.replay.com/pub/replay/pub/voice/ http://menja.ifi.uio.no/pub/pgp/ WHERE DO I GET NAUTILUS? Bill Dorsey, Pat Mullarky, and Paul Rubin have come out with a program called Nautilus that enables you to engage in secure voice conversations between people with multimedia PCs and modems capable of at least 7200 bps (but 14.4 kbps is better). See: U.S. only availability: ftp://ripem.msu.edu/pub/crypt/GETTING_ACCESS ftp://ripem.msu.edu/pub/crypt/other/nautilus-phone-0.9.2-source.tar.gz ftp://ftp.csn.net/mpj/README ftp://miyako.dorm.duke.edu/pub/GETTING_ACCESS International availability: ftp://sable.ox.ac.uk/pub/crypto/misc ftp://basement.replay.com/pub/replay/pub/voice/ The official Nautilus homepage is at: http://www.lila.com/nautilus/ HOW DO I ENCRYPT MY DISK ON-THE-FLY? Secure File System (SFS) is a DOS device driver that encrypts an entire partition on the fly using SHA in feedback mode. Secure Drive also encrypts an entire DOS partition, using IDEA, which is patented. Secure Device is a DOS device driver that encrypts a virtual, file-hosted volume with IDEA. Cryptographic File System (CFS) is a Unix device driver that uses DES. CryptDisk is a ShareWare package for Macintosh that uses strong IDEA encryption like PGP. U.S. only availability: ftp://ftp.csn.net/mpj/README ftp://miyako.dorm.duke.edu/mpj/crypto/disk/ International availability: http://www.cs.auckland.ac.nz/~pgut01/sfs.html ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/disk/ ftp://ftp.nic.surfnet.nl/surfnet/net-security/encryption/disk/ ftp://sable.ox.ac.uk/pub/crypto/misc/ ftp://menja.ifi.uio.no/pub/pgp/mac/ ftp://basement.replay.com/pub/replay/pub/disk/ WHERE IS PGP'S COMPETITION? RIPEM is the second most popular freeware email encryption package. I like PGP better for lots of reasons, but if for some reason you want to check or generate a PEM signature, RIPEM is available at ripem.msu.edu. There is also an exportable RIPEM/SIG. U.S. only availability: ftp://ripem.msu.edu/pub/GETTING_ACCESS International availability: ftp://idea.sec.dsi.unimi.it/pub/crypt/code/ HOW DO I PUBLISH MY PGP PUBLIC KEY? Send mail to one of these addresses with the single word "help" in the subject line to find out how to use them. These servers sychronize keys with each other. There are other key servers, too. pgp-public-keys@keys.pgp.net pgp-public-keys@keys.de.pgp.net pgp-public-keys@keys.no.pgp.net pgp-public-keys@keys.uk.pgp.net pgp-public-keys@keys.us.pgp.net WWW interface to the key servers: http://www-swiss.ai.mit.edu/~bal/pks-toplev.html For US $20/year or so, you can have your key officially certified and published in a "clean" key database that is much less susceptible to denial-of-service attacks than the other key servers. Send mail to info-pgp@Four11.com for information, or look at http://www.Four11.com/ Of course, you can always send your key directly to the parties you wish to correspond with by whatever means you wish. CAN I COPY AND REDISTRIBUTE THIS FAQ? Yes. Permission is granted to distribute unmodified copies of this FAQ. WHERE CAN I GET THE RECENT REVISION OF THIS FAQ IN PLAINTEXT? UseNet: alt.security.pgp,comp.security.pgp.ressources, alt.answers Ftp: ftp://ftp.csn.net/mpj/getpgp.asc Note that a lot of older revisions are floating around on the net. If you want to receive new revisions this FAQ directly from the maintainer instead send an email message to: Peter Herngaard WHERE CAN I GET THIS FAQ IN HTML? Some kind people have converted this document to HTML. You are free to convert this FAQ to whatever format you want. If you do so, I would appreciate it, and include the URL in this FAQ. Steven 'GoofY' de Brouwer http://www.stack.urc.tue.nl/~goofy/PGP/get_faq.htm Florian Helmberger http://www.geocities.com/athens/1802/where-is-PGP.html HOW DO I SUBMIT INFORMATION CORRECTLY TO THIS FAQ? Send your submission to Peter Herngaard: To submit information correctly to this FAQ, you should follow this guidelines: 1.0. When submitting information available by ftp, WWW, Gopher, etc. please use the notation similar to this: ftp://ftp.eff.org http://www.eff.org gopher://gopher.eff.org 1.1. You would help me if you yourself check the reference before sending the applicable address to me. 2.0. When submitting information about ressources available on Bulletin Board Systems (BBS) please include the following data, if available: BBS Name: [_____] Telephone number with international country code prefixed [_____] Connection rate: [300/1200/4800/7200/9600/14400/16800/19200/21600/26400/28800/31200/33600] User registration required before download of PGP: [Yes/No] Applicable export controls: [Yes/No/Don't know] Your home town and/or province: [_____] Comment [__________ __________] 3.0. If you submit a title of a published book please include author, year of publishing, publisher, ISBN, price etc. -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: cp850 iQCVAgUBMkzAj3N4jJfo4ES9AQE9YwP8C5JKtgfLSqzRaLSOzJK2pStc1zL6tHGM VI9b1kJI1+AwJ/eKN4/vvBdWbu6yVr7slgdOP74iPDLn+PWr91XDx79ydjWhuIYx a0tFBZBjRgO1m3Snsqle+PGb6/aE9bvlbXDOEaHnFCmO+F5dcgP2I47tJaRtPjM8 ZtMRFLsoB5w= =oOUR -----END PGP SIGNATURE-----